How can I migrate SSL from Tomcat to Apache HTTPD?


Question

I am migrating my single server Tomcat to a cluster, load balanced and cached by Apache HTTPD (reverse proxy with mod_proxy). Is it possible to convert the certificate and keys to the Apache format or do I have to re-issue the whole thing?

Recommended answer

It's quite easy to extract the certificates directly with keytool, it's a bit trickier to extract the private key (although you could write programs to do so). I'd suggest using a combination of keytool and openssl.

If your keystore is in PKCS#12 format (.p12 file), skip this step. Convert your JKS store into a PKCS12 store using keytool (need version from Java 6+)

keytool -importkeystore -srckeystore thekeystore.jks \
                        -srcstoretype JKS \
                        -destkeystore thekeystore.p12 \
                        -deststoretype PKCS12

Then, extract the certificate using openssl:

openssl pkcs12 -in thekeystore.p12 -clcerts -nokeys -out servercert.pem

Extract the private key:

umask 0077
openssl pkcs12 -in thekeystore.p12 -nocerts -nodes -out serverkey.pem
umask 0022

Note that, because the -nodes option is used when extracting the private key, the private key file won't be protected (as it mustn't have a password to be usable by Apache Httpd), so make sure no one else can read it.

Then, configure Apache Httpd using SSLCertificateFile (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile) and SSLCertificateKeyFile (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile) to point to the certificate file and the private key file, respectively.
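
A pre-flight check for the two extracted files before pointing SSLCertificateFile and SSLCertificateKeyFile at them, added here as an example and not part of the original answer: it confirms that serverkey.pem is not readable by group or others and that it carries the same public key as servercert.pem. The function names are made up for illustration, and it assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example: function names are illustrative, not part of keytool,
# openssl or Apache httpd.

# Succeeds only if the file exists and has no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 2
    # In the ls mode string, characters 5-10 are the group and other bits.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the certificate's public key equals the one derived
# from the private key, i.e. the two files belong together.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run both checks and report; returns non-zero if either one fails.
check_pair() {
    rc=0
    if key_is_private "$2"; then
        echo "OK   $2 is not accessible to group or others"
    else
        echo "FAIL $2 is missing or accessible to group/others (chmod 600)"
        rc=1
    fi
    if cert_matches_key "$1" "$2"; then
        echo "OK   $1 and $2 share the same public key"
    else
        echo "FAIL $1 and $2 do not match, or could not be parsed"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_pair.sh servercert.pem serverkey.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Both PEM files written by openssl pkcs12 start with "Bag Attributes" text lines; openssl x509 and openssl pkey skip those, so the files can be checked as extracted.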
